I have been having problems with incomplete or broken headers in lots of spam messages. Sometimes I will see the missing headers in the body of the message, sometimes not. See below for example. The subject when the message arrived in the inbox was: Subject: EXPLICIT: Nice online dating booty call service.. Kind of caught my eye because I have a porn filter for EXPLICIT: in the subject. So the porn filter wasn't triggered. PORNLIST filter d:\IMail\Declude\pornlist.txt x 5 0 with a routeto in the default file.
The log told me that "Q file exceeds 512 bytes in size". Ipswitch's knowledge base tells me that this was triggered because of the "auto-deny hack attempts" was checked in smtp. It didn't deny it however, since the message was delivered. None of the rules in either Outlook or imail web interface were triggered because the header is incomplete. I turned off the auto-deny and haven't seen any more messages yet. My question is, has anyone noticed anything like this, and is this "feature" broken or is their another factor involved. Declude 3.0.5.23 Imail 8.21 Karen M. Mitchell Senior NewMedia Systems Administrator AccuWeather, Inc. 385 Science Park Road State College, PA 16803 "Get the best weather on the web" - http://www.accuweather.com Imail header via web interface Received: from 247.red-217-216-60.user.auna.net [217.216.60.247] by ntms1.accuweather.com (SMTPD-8.21) id A811033C; Tue, 24 Jan 2006 19:36:33 -0500 Received: from airy d's (implement.catapultrascal.com [150.150.225.86]) by 217.216.60.247 (6.8.6/8.9.9) with ESMTP id FMZT153754637 for <[EMAIL PROTECTED]>; Tue, 24 Jan 2006 22:30:33 -0200 Status: R X-UIDL: 1033884398 X-IMail-ThreadID: c80f034300004a54 Complete message from Outlook Express. Received: from 247.red-217-216-60.user.auna.net [217.216.60.247] by ntms1.accuweather.com (SMTPD-8.21) id A811033C; Tue, 24 Jan 2006 19:36:33 -0500 Received: from airy d's (implement.catapultrascal.com [150.150.225.86]) by 217.216.60.247 (6.8.6/8.9.9) with ESMTP id FMZT153754637 for <[EMAIL PROTECTED]>; Tue, 24 Jan 2006 22:30:33 -0200 Message-ID: <[EMAIL PROTECTED]> Reply-To: "Erna Moran" <[EMAIL PROTECTED]> From: "Erna Moran" <[EMAIL PROTECTED]> Location: cleave iv chloroplatinate Delivery-Notification: No To: "removed" <[EMAIL PROTECTED]> Subject: EXPLICIT: Nice online dating booty call service. Date: Tue, 24 Jan 2006 17:30:33 -0700 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--693861316335815" ----693861316335815 Content-Type: text/html; charset="iso-3436-3" Content-Transfer-Encoding: quoted-printable X-RCPT-TO: <[EMAIL PROTECTED]> Status: U X-UIDL: 1033884398 X-IMail-ThreadID: c80f034300004a54 It as the same experieneeCan swim under water.Imagine the lok on your khi= ldren or grandjhildrens faxes when they open the mail box to find a someth= ing with their name on it. The air. This way. =0A <table> <tr> <td><a =0Ahref=3Dhttp://silverdates.com/7654/index.html?1886040>get y= our booty call on right now<br><img =0Asrc=3Dhttp://harddate.com/7654/2383= .jpg border=3D0><br>=0A<p>nr=0A</a>=0Alvq=0A=0A I Great to have another to= py o your book let alone an autographed one. You leave enough information = on their publid site to find out what presahool the child attends. I T ent= ertain people with your writing.<p>=0A<a href=3D=0Ahttp://dategnome.com/?q= Message-Id: <[EMAIL PROTECTED]> Subject: SPAM: X-RBL-Warning: BADHEADERS: This E-mail was sent from a broken mail client [a004010f]. X-RBL-Warning: CMDSPACE: Space found in RCPT TO: command. X-RBL-Warning: HELOBOGUS: Domain 247.red-217-216-60.user.auna.net has no MX or A records [0301]. X-RBL-Warning: ROUTING: This E-mail was routed in a poor manner consistent with spam [a004010f]. X-RBL-Warning: WEIGHT10: Weight of 21 reaches or exceeds the limit of 10. X-Declude-Sender: [EMAIL PROTECTED] [217.216.60.247] X-Declude-Spoolname: Dc80f034300004a54.smd X-Declude-Note: Scanned by Declude 3.0.5.23 (http://www.declude.com/x-note.htm) for spam. X-Declude-Scan: Score [21] at 19:36:39 on 24 Jan 2006 X-Declude-Tests: BADHEADERS, CMDSPACE, HELOBOGUS, ROUTING, WEIGHT10, WEIGHT13 >I wish to stop getting these, thanks! - f<p>=0A</a> =0A<table bgcolor=3Dw= hite> </td></tr></table>=0A<tr><td>=0A <table width=3D100%> </td> </tr></table>=0A<tr><td> =0A <table cellspacing=3D1 width=3D100= %> </td></tr> </table>=0A<tr>=0A<td></td></tr></table>=0A ----693861316335815-- --- [This E-mail was scanned for viruses by Declude EVA www.declude.com] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
